Thanks for the addition.

To clearify this (I think config files are better than words/paraphrases):

/etc/apache2/sites-available/subdomain1.domain.conf

<VirtualHost *:80>
        ServerName subdomain1.domain.tld
        ServerAdmin admin@domain.tld
        ProxyPreserveHost On
        ErrorLog ${APACHE_LOG_DIR}/subdomain1.domain.error.log
        CustomLog ${APACHE_LOG_DIR}/subdomain1.domain.access.log combined
        Redirect permanent / https://subdomain1.domain.tld
</VirtualHost>
 
<VirtualHost *:443>
        ServerName subdomain1.domain.tld
        ServerAdmin admin@domain.tld
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/privkey.pem
        <Proxy *>
                Order allow,deny
                Allow from all
        </Proxy>
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        ErrorLog ${APACHE_LOG_DIR}/subdomain1.domain.error.log
        CustomLog ${APACHE_LOG_DIR}/subdomain1.domain.access.log combined
</VirtualHost>

/opt/atlassian/jira/conf/server.xml

(...)
<Service name="Catalina">
<!-- Apache Proxy Connector -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" scheme="https" proxyName="subdomain1.domain.tld" proxyPort="443" secure="true"/>
(...)

With this configuration, JIRA does not complain that tomcat might be configured incorrectly and most pages are working. However, some avatars are gone and the heatmap gadget on the dashboard refuses to work, some other gadgets are broken (like weird titles, buttons without labels, ...), some other are working. Everything else (as far as I can tell) is working without errors.

I'm cool with using apache, I just want to know why you're set on using it. It's technically another application to maintain and administer? Anyway, I see nothing explicitly wrong with the configuration presented. You've updated the Base URL, correct? It's subdomain1.domain.tld, correct?

I'm curious, what do you mean by "gone" and "refuses to work?" In this case, you'd usually be tailing the application log and navigating to pages that don't function correctly. If it's a server issue, usually you can rely on something being printed there when you call that page or action – If it's client side, you can usually rely on seeing a 404 or 500 in the browser console.

The baseurl is set to https://jira.domain.tld. This should be correct?!

We use apache2 because of several reasons:

• no prior experience with Tomcat (some of us were Java programmers, but none has experience with Java web development via Tomcat. We're developing applications with C++ / Cython / Python).
• JIRA, Confluence and Bitbucket are running on a big root, which already had an Apache up and running. Several other vhosts with other stuff are set up there with SSL support. Therefore we thought integrating in our existing infrastructure should be a good idea.
• we do not want to bother our customers nor our employees with ports. Apache offers it's nice proxy passing for redirecting and eliminating the ports
• the JIRA over SSL page (https://confluence.atlassian.com/jira/running-jira-over-ssl-or-https-124008.html) for configuring Tomcat directly is outdated. Latest supported versions says 6.4.
• the documentation seems to expect the admin to use GUI-tools for key converting, for configuring and so on. We don't like GUI-tools for admin stuff.

I will check the logs in the next days. By "gone" I mean that some avatars couldn't be loaded after the configuration and had to be re-uploaded. The heatmap gadget on the dashboard displays no data at all, so completely stopped working. Some other gadgets are broken, like having this __MSG_gadget.activity.stream.title__ instead of the correct title, or no title at all. Some gadgets' buttons have no labels now. Despite these two things (gadgets and avatars) everything else seems to work without errors - so far.

The guide you've posted is for beginners. I would totally disregard the GUI suggestions and I agree, they seem odd. I use command line tools only when terminating SSL on Tomcat. You are free to follow any method to terminate SSL in Tomcat or Apache. They've stopped creating the articles, as you've noticed – It's not "out of date."

You'll notice the big yellow warning on that page you provided that states the following – 

Atlassian applications allow the use of SSL within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian cannot guarantee providing any support for it.

So, Atlassian doesn't officially support SSL, it's such a generic concept and you can do it so many ways it's not really in their offering. That's all i meant.

You are totally fine in using Apache HTTPD. In fact, you gave many reasons in which I would also decide to use Apache HTTPD, thanks for the detail. I just see so many people do so without good reason.

So, I think we're on the same page so far.

Based on your answers and posted configuration files, I think you've set the proxy up correctly. I think you've configured the application correctly. But we still have an issue. I've been able to locate RECENT issues that have only recently started occurring – 

Related Question: https://answers.atlassian.com/questions/24649645Related KB Article: https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html

I think the issue here is that modules inside of JIRA that access JIRA externally are not resolving your proxy. Someone posts a workaround in the related question – 

For me the problem was the JIRA application was not able to find the JIRA-url via https. Because the JIRA application is on the same network as the proxy server it is not able to use the external proxy IP. I added the internal proxy IP with the URL name to /etc/hosts which solved the problem for me.

The entry I added to /etc/hosts is like:

192.168.x.y jira.<domain>.<tld>

This looks very similar to our gadgets. Thank you very much, I will try the solution.

Too bad, it did not work 

I've tried the ip address of our network interface as well as 127.0.0.1 for the ip part and jira.domain.tld for the hostname.

In case anyone has the same issues in the future: Steven Behnke's basically solves the problem.

There is only one additional thing (absolutely essential!) if you want to enable SSL via Apache: JIRA (see catalina.out) complains, if Tomcat does not have the very same SSL certificates the Apache webserver is using. Thus, you have to manually add the certificates to Tomcat.

If someone needs help with this, contact me and I'll can add some information (I've written a shell script for automating this stuff).

Hello Daniel,

I am looking into solutions for setting up out Atlassian suite with SSL and would very much like to check out the information and script that you have written up on this subject.